Realistic vulnerabilities of decoy-state quantum key distribution

TL;DR

This paper reveals vulnerabilities in decoy-state quantum key distribution caused by laser damage and unambiguous state discrimination, showing how an attacker can compromise security with current technology and proposing countermeasures.

Contribution

It identifies a novel attack combining laser damage and USD on decoy-state QKD, demonstrating how it can fully compromise security undetected.

Findings

Eavesdropper can increase mean-photon numbers beyond security thresholds.

Standard security checks may not detect the attack at high photon numbers.

Modified USD setups and hardware safeguards can mitigate the vulnerabilities.

Abstract

We analyze realistic vulnerabilities of decoy-state quantum key distribution (QKD) arising from the combination of laser damage attack (LDA) and unambiguous state discrimination (USD). While decoy-state QKD is designed to protect against photon-number-splitting and beam-splitting attacks by accurately estimating the single-photon fraction, it relies on stable attenuation to prepare pulses with fixed mean-photon numbers. An eavesdropper (Eve) can exploit LDA to irreversibly alter the optical components on Alice's side, effectively increasing the mean-photon numbers beyond the decoy-state security regime. We show that once the alteration exceeds a critical threshold - on the order of 10--20 dB - Eve can implement an efficient USD-based intercept-resend strategy using current off-the-shelf technology, thus obtaining the entire secret key. Numerical simulations confirm that for sufficiently elevated mean-photon numbers, Eve's conclusive measurement outcomes skew the decoy-state statistics, yet remain undetected by standard security checks. We further demonstrate how a modified USD setup employing an additional beam splitter can reduce the required threshold, facilitating Eve's attack. Additionally, we introduce the pseudo-photon-number resolution (PPNR) USD attack, which allows Eve to emulate all observable gains at Bob's side so that she remains fully undetectable even with advanced statistical checks. Our findings emphasize the need for robust safeguards against high-power laser damage in QKD systems, including careful hardware selection, rigorous testing under high-power illumination, and real-time monitoring to ensure the integrity of the decoy-state protocol.